Digital ransom: Schools vanquish virus
Some farsighted technology saved Bigfork schools a digital disaster, providing the perfect inoculation against a potentially lethal virus.
And now, cyber-cops are on the case.
Superintendent Matt Jensen sent out letters to staff members and students' parents Tuesday and Wednesday (Nov. 22 and 23) notifying them that a “ransomware” virus had infected the district’s student information system, called Schoolmaster.
According to the letter, “Schoolmaster is used for student directory information as well as student grades. Please note that Schoolmaster does not contain student or parent social security numbers.”
But former and current district network managers Don Richardson and Tim Ehrlich, acting as digital James Bonds, vanquished the virus before it could do much damage.
Jensen said Richardson was part of Bigfork Schools for roughly 40 years and built the district’s network system from scratch.
“At some point, he had the foresight to ensure we had significant backups, which were critical in dealing with this nasty virus,” Jensen said.
Ehrlich started working for the district this year.
“He has done a great job to decode the encrypted information as well as evaluate, analyze and rebuild our systems,” Jensen said. “We could not have worked through this issue without his high technical abilities.”
The virus attempts to contaminate data, then request a ransom-style payment to restore the data intact, Jensen said.
Jensen, who believes the long-term damage is minimal, informed law enforcement officials about the act.
“This is a virus, not a breach or hack,” he said. “A breach or hack implies data was captured and moved. In this situation, a virus entered our system and encrypted our information.”
He said the virus is “ransomware,” designed to make district officials uncomfortable enough to pay up.
“We did not contact (the suspects), so I am not sure what they were asking of us, but it is typically a few thousand (dollars),” Jensen said. “Regardless, we had the info stored on backup servers, so it was a matter of cleaning our machines and servers, before deleting the encrypted information and replacing it with our backup information.”
In one of the letters, Jensen wrote: “There is no evidence at this time to suggest that the perpetrators intend to use the infected information to target specific individuals within the district.”
The district also contracts with Montana Sky Networks, “...and they have been very responsive to the situation,” Jensen said.